Vegas' hackers' meeting stresses e-danger

The government reiterated its warning Thursday that hackers may be planning a
major attack that would exploit a vulnerability in Microsoft software. For
more' information on the Windows flaw and its remedy, visit the U.S.
Department of Homeland Security's National Infrastructure Protection Center's
website atwww.nipc.gov. To report suspicious activity, contact the
Infrastructure Protection Center's Watch Office at 888-585-9078.

Marcus Sachs, director of National Cyber Security for the U.S. Department of
Homeland Security, and Kevin Mitnick, the nation's most notorious hacker,
shared a table for lunch on Thursday at Caesars Palace.

That was just one example of the rather strange mix
of technology cultures that have come together in Las Vegas this week
for a pair of security conventions.

Black Hat Briefings -- a technology convention
touting digital self defense -- wrapped up on Thursday after catering
to a crowd of business executives and sales people for three days.
Organizers said the event drew record attendance of about 1,700 looking
for up-to-date information on security.

A table away from Mitnick and Sachs, Donald Welch,
an associate dean from the U.S. Military Academy at West Point, and
Aqeel Zaman, a Toronto executive, traded business cards and shared
concerns over protecting large computer systems.

"It's a good place to get a lot of current information," said Welch.

Sachs, in the Black Hat's final keynote
presentation, said system security has been a focal point of national
defense since the mid-1990s.

"That was our soft underbelly," he said, adding that
the Sept. 11, 2001, terrorist attacks came as a shock because so many
in the defense community were expecting terrorism in cyberspace.

"We were very shocked that the attack did not come
from the cyber dimension and that it came instead in a physical
attack," he said.

Sachs emphasized that the nation has little choice
but to address such security concerns, whether it's an attack on
national defense or malicious hackers defacing corporate websites or
exploiting software vulnerabilities.

"Our nation is now in cyberspace," he said. "We can't go back. This is how we work, and we need to keep it safe."

The government, however, can't be relied on to
maintain that security. Sachs said that effort will demand the
attention of the private sector.

Those private sector entities policing cyberspace
will include hackers, said organizers of Black Hat and its sister event
Defcon, which begins today in Las Vegas.

Black Hat started seven years ago as a more
"professional" sister event to the more informal hacker gathering
gaining fame, Defcon. Organizers expect about half of the Black Hat
attendees -- some wearing T-shirts proclaiming: "I read your email." --
to stay in town for Defcon.

As security becomes a more important focus, B.K.
DeLong, a spokesman for Black Hat and Defcon, said hackers are clearly
serving a purpose.

"If you think about it, big companies like Microsoft
really have no accountability, except to the hacker community," he
said, pointing to recent news reports that hackers have threatened to
attack a flaw in the software giant's Windows software.

It wasn't until threats began surfacing that the
flaw and a Microsoft patch to fix the error began to receive publicity,
DeLong said. He downplayed speculation that a formal attack on Windows
could originate from Defcon this weekend.

Still, even Sachs alluded to the role of hackers in system security in his speech.

"Sometimes that's just what it takes, showing
someone that their systems can be vulnerable," he said after describing
how he hacked into his daughter's computer through the Internet to
teach her a lesson about maintaining security.

Jeff Moss, founder of both conventions, also said
the criminal connotations now associated with the term hacker is
largely overplayed.

"You can be a good plumber or you can be a bad
plumber," he said. "You can be a good hacker or you can be a bad
hacker. The issue is 'Are you committing crimes with computers?' "

As Defcon gears up this afternoon, teams of hackers
will be flexing their muscle as they hit the street of Las Vegas in a
high-tech game of "Wardriving."

As many of 12 teams, in cars decked out with
antennas and laptop computers, will race around town trying to identify
as many wireless Internet access points as possible around town. The
team that identifies the most access points wins.

DeLong emphasized that nothing malicious will be
taking place. The teams will just be identifying the access points,
determining which are secure or unsecure, he said.

"They're just seeing what they can find," DeLong said. "Just basically collecting information."

He did say that the Defcon convention has undergone
an image makeover of sorts during the past two years. The event, which
is in its 11th year, had started to deteriorate into more party than
conference. A renewed emphasis on speakers and content has raised the
level of professionalism, he said.

This year's event, which is expected to draw as many
as 5,000 attendees, will feature topics including network
reconnaissance, corporate intelligence and copyright infringement.

"It's a party, plus serious talks," Moss said.

Moss said such a renewed focus makes sense as
one-time hackers are increasingly becoming "security professionals."
The fears of cyberterrorism outlined by Sachs earlier in the day have
led defense contractors to go to work on security.